Problem
When hosting an Asp.Net Core 2.0 or 2.1 Web Application behind IIS with Windows Authentication set to true, and Anonymous Authentication set to false, the User.Identity.Name property is null and User.Identity.IsAuthenticated is false.
According to the documentation here, Windows Authentication should just work in Asp.Net Core 2.x when hosting with IIS.
Background
I'm in the process of migrating an Asp.Net 4.x MVC application over to Asp.Net Core following the Migrate from ASP.NET MVC to ASP.NET Core MVC guide.
I'm testing the site on a server that is currently hosting Asp.Net 4.x MVC applications that use Windows Authentication without issue. The Identity of the Windows user is available as expected.
After completing the migration guide and fixing all build issues, I've created a "Local IIS" profile under "Debug" in the web project properties, setting the "Launch" option to "IIS". I've ticked only "Enable Windows Authentication" and then browsed to the website. Despite being logged in with valid domain credentials, User.Identity.Name is still null.
I installed the .Net Core 2.1 SDK before starting the migration process and have previously installed the .Net Core 1.0.1 SDK Preview. The server is running Windows 2008 R2 with IIS 7.
What I've Tried
In order to ensure I hadn't introduced this problem during the migration process I created a new ASP.NET Core Web Applications, using the MVC template and targeting .NET Framework 4.7.2. I configured "Windows Authentication" when choosing the template. After confirming that Windows Authentication worked when using IIS Express, I configured Local IIS as above. When browsed to under IIS, the top right of the navigation bar shows "Hello, !". I tried this with templates from Asp.Net Core SDK 2.0 and 2.1.
I've followed various guides and Stackoverflow answers all relating to configuring Windows Authentication within the Asp.Net Core application itself. Results have been either no change, or continuous login prompts that never accept a valid username and password. It appears these solutions may be written for older versions of the framework or scenarios where the developer is attempting to combine multiple authentication methods.
Cause
The server has an outdated .Net Core 2.0 IIS Module installed that does not forward windows authentication details by default. This problem is described here: .Net Core 2.0 Project With Windows Authentication Fail When Published to IIS. Installing the latest .Net Core 2.0 Runtime should fix this.
This can be verified this by running the following in PowerShell:
(Get-Item $env:SystemDrive\Windows\System32\inetsrv\aspnetcore.dll).VersionInfo
This gives the following output:
ProductVersion FileVersion FileName
-------------- ----------- --------
7.1.1967.0 7.1.1967.0 C:\Windows\System32\inetsrv\aspnetcore.dll
The server requires version 7.1.1972.0 or higher.
Solution 1 - Project Fix
In the web.config generated by Visual Studio 2017 when configuring Local IIS, add forwardWindowsAuthToken="true" as an attribute to the <aspNetCore> element:
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<location path="." inheritInChildApplications="false">
<system.webServer>
<handlers>
<add name="aspNetCore" path="*" verb="*" modules="AspNetCoreModule" resourceType="Unspecified" />
</handlers>
<aspNetCore processPath="bin\IISSupport\VSIISExeLauncher.exe" arguments="-argFile IISExeLauncherArgs.txt" stdoutLogEnabled="false" forwardWindowsAuthToken="true" />
</system.webServer>
</location>
<system.web>
<authentication mode="Windows" />
</system.web>
</configuration>
Solution 2 - System-Wide Fix
Download and install the latest .Net Core Runtime from the .Net downloads page. The Runtime includes the Windows Hosting Bundle and required IIS module. If the SDK is already installed this will include the Runtime, however, the Runtime may still need to be installed again by itself to fix this issue (choose the repair option).